diff --git a/app/Http/Controllers/PublicApiController.php b/app/Http/Controllers/PublicApiController.php index c28ad1283..88dcfab71 100644 --- a/app/Http/Controllers/PublicApiController.php +++ b/app/Http/Controllers/PublicApiController.php @@ -5,6 +5,7 @@ namespace App\Http\Controllers; use Illuminate\Http\Request; use App\{ Hashtag, + Follower, Like, Media, Notification, @@ -30,7 +31,7 @@ class PublicApiController extends Controller public function __construct() { - $this->middleware('throttle:200, 15'); + $this->middleware('throttle:200, 30'); $this->fractal = new Fractal\Manager(); $this->fractal->setSerializer(new ArraySerializer()); } @@ -50,6 +51,7 @@ class PublicApiController extends Controller { $profile = Profile::whereUsername($username)->first(); $status = Status::whereProfileId($profile->id)->find($postid); + $this->scopeCheck($profile, $status); $item = new Fractal\Resource\Item($status, new StatusTransformer()); $res = [ 'status' => $this->fractal->createData($item)->toArray(), @@ -73,6 +75,7 @@ class PublicApiController extends Controller $limit = $request->limit ?? 10; $profile = Profile::whereUsername($username)->first(); $status = Status::whereProfileId($profile->id)->find($postId); + $this->scopeCheck($profile, $status); if($request->filled('min_id') || $request->filled('max_id')) { if($request->filled('min_id')) { $replies = $status->comments() 
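Review bot: The added `$this->scopeCheck($profile, $status);` call passes values that can be null, while `scopeCheck()` is declared with `Profile $profile, Status $status`. `first()` and `find()` return null for an unknown username or post id, so a missing post raises a TypeError (HTTP 500) rather than a 404, and `$profile->id` on the line above already fails for an unknown user. Resolving both with the failing variants keeps the visibility check on a single 404 path: `$profile = Profile::whereUsername($username)->firstOrFail();` and `$status = Status::whereProfileId($profile->id)->findOrFail($postid);`. The same applies to the identical call added in the `@@ -73,6 +75,7 @@` hunk. Both enclosing methods start and end outside their hunks.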
@@ -100,4 +103,47 @@ class PublicApiController extends Controller $res = $this->fractal->createData($resource)->toArray(); return response()->json($res, 200, [], JSON_PRETTY_PRINT); } + + protected function scopeCheck(Profile $profile, Status $status) + { + if($profile->is_private == true && Auth::check() == false) { + abort(404); + } + + switch ($status->scope) { + case 'public': + case 'unlisted': + $user = Auth::check() ? Auth::user() : false; + if($user && $profile->is_private) { + $follows = Follower::whereProfileId($user->profile->id) + ->whereFollowingId($profile->id) + ->exists(); + if($follows == false && $profile->id !== $user->profile->id) { + abort(404); + } + } + break; + + case 'private': + $follows = Follower::whereProfileId($user->profile->id) + ->whereFollowingId($profile->id) + ->exists(); + if($follows == false && $profile->id !== $user->profile->id) { + abort(404); + } + break; + + case 'direct': + abort(404); + break; + + case 'draft': + abort(404); + break; + + default: + abort(404); + break; + } + } } diff --git a/app/Transformer/Api/EmojiTransformer.php b/app/Transformer/Api/EmojiTransformer.php new file mode 100644 index 000000000..0d7fd10f7 --- /dev/null +++ b/app/Transformer/Api/EmojiTransformer.php @@ -0,0 +1,18 @@ + '', + 'static_url' => '', + 'url' => '', + 'visible_in_picker' => false + ]; + } +} diff --git a/app/Transformer/Api/InstanceTransformer.php b/app/Transformer/Api/InstanceTransformer.php new file mode 100644 index 000000000..bc7783bc9 --- /dev/null +++ b/app/Transformer/Api/InstanceTransformer.php @@ -0,0 +1,25 @@ + $instance->url, + 'title' => null, + 'description' => null, + 'email' => null, + 'version' => null, + 'thumbnail' => null, + 'urls' => [], + 'stats' => [], + 'languages' => null, + 'contact_account' => null + ]; + } +} diff --git a/app/Transformer/Api/NotificationTransformer.php b/app/Transformer/Api/NotificationTransformer.php new file mode 100644 index 000000000..d5afa1b60 --- /dev/null 
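Review bot: In the `case 'private':` branch of `scopeCheck()`, `$user` is never assigned, because it is only set inside the `public`/`unlisted` case. `$user->profile->id` therefore dereferences an undefined variable, and a private-scope status ends in an error for guests and followers alike instead of a follower check or a clean 404. Assign it once before the switch with `$user = Auth::user();` and open the private case with `if (!$user) { abort(404); }`. The follower-or-owner test is duplicated in both branches and could move into one small private helper so the two paths cannot drift apart. No import of the `Auth` facade is visible in these hunks, so confirm that one exists in this namespaced file.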
+++ b/app/Transformer/Api/NotificationTransformer.php @@ -0,0 +1,51 @@ + $notification->id, + 'type' => $this->replaceTypeVerb($notification->action), + 'created_at' => (string) $notification->created_at, + 'account' => null, + 'status' => null + ]; + } + + public function includeAccount(Notification $notification) + { + return $this->item($notification->actor, new AccountTransformer()); + } + + public function includeStatus(Notification $notification) + { + $item = $notification->item; + if(get_class($item) === 'App\Status') { + return $this->item($item, new StatusTransformer()); + } else { + return null; + } + } + + public function replaceTypeVerb($verb) + { + $verbs = [ + 'follow' => 'follow', + 'mention' => 'mention', + 'reblog' => 'share', + 'like' => 'favourite', + ]; + return $verbs[$verb]; + } +} diff --git a/config/pixelfed.php b/config/pixelfed.php index c238da959..dbb99cac8 100644 --- a/config/pixelfed.php +++ b/config/pixelfed.php @@ -23,7 +23,7 @@ return [ | This value is the version of your PixelFed instance. | */ - 'version' => '0.2.1', + 'version' => '0.3.0', /* |--------------------------------------------------------------------------
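Review bot: `replaceTypeVerb()` returns `$verbs[$verb]` with no fallback, so any notification action outside the four mapped keys hits an undefined index and yields a null `type` plus a notice (or an exception if notices are converted). An explicit default such as `return $verbs[$verb] ?? $verb;` makes that case deliberate. In `includeStatus()`, `get_class($item) === 'App\Status'` fails if `$notification->item` is ever null, which may happen when the related record has been deleted; `if ($item instanceof \App\Status)` covers both cases. The class header and any default includes are not visible in this hunk.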